Dear Amit,
Thank you for pointing in right direction.
However, there are some shortcomings of implementing eMPF, I have
encountered:
Scenario 1: User A has been configured to prevent sending mails to
external domain.
If user A sends mail to internal domain (permitted by policy), with a
copy to external domain (denied by policy), the entire mail is rejected.
Scenario 2: Vpopmail has been configured with /defaultdomain/ name in
~vpopmail/etc/defaultdomain file
With defaultdomain configured, it is not mandatory to supply full
emailaddress for authenticating with mailserver resulting in eMPF to
fail and allow all emails.
--
Having said that I have been able to write a workaround for Scenario 2
but living with Scenario 1 currently.
Any help will be appreciated.
Attached is patch I have created for Scenario 2.
HOWTO for Scenario 2:
------
1. Apply patch
2. Configure and export QMAILDEFAULTDOMAIN variable in the run file for
SMTP Server
e.g. export QMAILDEFAULTDOMAIN="@example.com"
Thanks & Regards,
On 08-06-12 17:40, Amit Dalia wrote:
This can be done with the help of eMPF patch with qmail.
With Regards,
Amit Dalia
---- Original Message ----
From: Todor Petkov <z...@online.bg>
To: vchkpw@inter7.com
Sent: Fri, Jun 8, 2012, 17:02 PM
Subject: [vchkpw] [SPAM] Re: [vchkpw] Prevent certain users from send emails
outside the local domain.
On 06/08/2012 01:04 PM, Pritam D. Gautam wrote:
Hi,
I am required to prevent certain users on my Qmail Server from sending
emails to outside domain.
In my understanding, only IP Addresses can be prevented from relaying!
But that's something which does not work in my environment considering
we have DHCP setup.
Any help will be appreciated.
Regards,
Hello,
not 100% sure, but I think you can do it via vmoduser and adding -r flag
to the user. This, however, will require smtp auth usage.
For more information, look at http://www.qmailwiki.org/Vpopmail#vmoduser
Regards,
!DSPAM:4fd3371934206430959780!
--- policy.c 2012-06-09 16:15:17.000000000 +0530
+++ /home/pd/policy.c 2012-06-09 16:23:47.000000000 +0530
@@ -119,11 +119,28 @@
domains_free();
#endif
- if (remoteinfo)
+/*----Begin Customization -- PritamDutt (Pd)----------*/
+
+/*
+In case a *defaultdomain* is defined in ~vpopmail/etc/defaultdomain file,
+and client does not provide domain name during authentication process the
policy check module fails.
+
+To workaround: following is being done:
+1. QMAILDEFAULTDOMAIN variable is defined and exported in run file of SMTP
server
+e.g. export QMAILDEFAULTDOMAIN="@example.com"
+2. The environment variable is extracted and appended to authenticating user
id.
+*/
+
+ if (remoteinfo){
+ if (strchr(remoteinfo,'@')==NULL)
+ strcat(remoteinfo,env_get("QMAILDEFAULTDOMAIN"));
p = remoteinfo;
+ }
else
p = mailfrom.s;
+/*----End Customization -- PritamDutt (Pd)----------*/
+
fprintf(stderr, "policy_check: %s %s -> %s %s (%s)\n",
rcpthosts(p, strlen(p)) ? "local" : "remote", p,
rcpthosts(addr.s, strlen(addr.s)) ? "local" : "remote", addr.s,
